Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2022-29046

Опубликовано: 12 апр. 2022
Источник: redhat
CVSS3: 5.4
EPSS Средний

Описание

Jenkins Subversion Plugin 2.15.3 and earlier does not escape the name and description of List Subversion tags (and more) parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.

A flaw was found in the Jenkins Subversion plugin. The Jenkins subversion plugin does not escape the name and description of List Subversion tags and parameters on views displaying the parameters. This issue results in a stored Cross-site scripting (XSS) vulnerability, exploitable by attackers with Item/Configure permission.

Ссылки на источники

Дополнительная информация

Статус:

Important
Дефект:
CWE-79
https://bugzilla.redhat.com/show_bug.cgi?id=2074851subversion: Stored XSS vulnerabilities in Jenkins subversion plugin

EPSS

Процентиль: 95%
0.2
Средний

5.4 Medium

CVSS3

Связанные уязвимости

nvd логотип

CVE-2022-29046

CVSS3: 5.4
nvd
почти 4 года назад

Jenkins Subversion Plugin 2.15.3 and earlier does not escape the name and description of List Subversion tags (and more) parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.

github логотип

GHSA-wpr6-qvcq-8269

CVSS3: 5.4
github
почти 4 года назад

Stored Cross-site Scripting vulnerability in Jenkins Subversion Plugin

EPSS

Процентиль: 95%
0.2
Средний

5.4 Medium

CVSS3